The reason I did this is that I wanted everyone to have the SAME Logon.bat file as their login script. This keeps everyone’s Active Directory account consistent, so if a user needs a specific drive or access to an application, we know that everyone’s settings are set in that login script.

The Logon.bat file contains only one line: powershell %0\..\logon.ps1
This simply calls PowerShell to run the Logon.ps1 file.

NOTE: If you have a Windows operating system older than Windows 7 or Windows 2008, you need to make sure you have PowerShell installed to run this login script. Have a look here to download PowerShell: Download Windows PowerShell from Microsoft TechNet.

The Logon.ps1 file is the PowerShell script, which contains the following (which I will explain in detail):

—————————

This line queries Active Directory for the user’s group membership. It may seem a bit extreme to need so much code just to query AD for a user’s group membership, but it is needed and has to be at the very TOP of the file (i.e. the first thing that runs), because the rest of the script depends on it.

This line maps network drives based on the groups the user is a member of. If the user is part of the “Head Office” security group, the user will have the G:\ drive removed, then get the G:\ drive mapped to the network share \\SERVER\general. If a user is part of the “IS” security group, the user will have the I:\ drive removed, then get the I:\ drive mapped to the network share \\SERVER\IS$.

This part of the login script maps printers for the user. If the user is part of the “Head_Office_Printers” security group, they will get both the HeadOffice_DocuCentre_2260 and HeadOffice_HPLaserJet_5200 printers mapped for them (which are on the server called “PRINTSERVER”):

This line copies the Microsoft Office shortcuts (Word, Excel, PowerPoint and Outlook) from the \shortcuts folder (which is located on the NETLOGON share of the logon server) down to the user’s Desktop and Start Menu. “Logonserver” is an actual variable and will detect the logon server that the user has connected to (helpful if you have multiple domain controllers at multiple sites). I did this to ensure that everyone has a consistent Desktop and Start Menu. It also gets rid of support calls asking “how do you open up Word as the icon isn’t there?”:
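
The four steps described above, as an added example that is not the original Logon.ps1 from this post. The group, share and printer names are the ones named in the text; the helper function names, the printer share paths of the form \\PRINTSERVER\<printer name>, and reading group membership from the logon token instead of querying AD are assumptions.

```powershell
# Added example: group-driven logon script, run in the user's own context.
# Helper names (Get-UserGroupNames, Set-MappedDrive) are hypothetical.

function Get-UserGroupNames {
    # Read group SIDs from the logon token (nested groups included) and
    # translate each one to a name; no separate AD query is needed.
    $names = @()
    foreach ($sid in [Security.Principal.WindowsIdentity]::GetCurrent().Groups) {
        try {
            $account = $sid.Translate([Security.Principal.NTAccount]).Value
            $names += ($account -split '\\')[-1]   # drop the DOMAIN\ prefix
        } catch {
            # SID could not be resolved (for example no DC reachable); skip it
        }
    }
    return $names
}

function Set-MappedDrive($Network, [string]$Letter, [string]$Share) {
    # Remove any existing mapping first, as the post describes, then map.
    try { $Network.RemoveNetworkDrive($Letter, $true, $true) } catch { }
    try { $Network.MapNetworkDrive($Letter, $Share) }
    catch { Write-Warning "Could not map $Letter to $Share : $($_.Exception.Message)" }
}

$groups  = Get-UserGroupNames
$network = New-Object -ComObject WScript.Network

if ($groups -contains 'Head Office') { Set-MappedDrive $network 'G:' '\\SERVER\general' }
if ($groups -contains 'IS')          { Set-MappedDrive $network 'I:' '\\SERVER\IS$' }

if ($groups -contains 'Head_Office_Printers') {
    foreach ($printer in 'HeadOffice_DocuCentre_2260', 'HeadOffice_HPLaserJet_5200') {
        # Assumption: each printer is shared under its own name on PRINTSERVER.
        try { $network.AddWindowsPrinterConnection("\\PRINTSERVER\$printer") }
        catch { Write-Warning "Could not connect printer $printer" }
    }
}

# Copy the Office shortcuts from NETLOGON on the DC that authenticated the user.
$source = "$env:LOGONSERVER\NETLOGON\shortcuts"
if (Test-Path $source) {
    foreach ($folder in 'Desktop', 'StartMenu') {
        Copy-Item -Path "$source\*" -Destination ([Environment]::GetFolderPath($folder)) -Force
    }
}
```

Every user runs whatever sits in NETLOGON, so write access to Logon.bat and Logon.ps1 there should stay limited to administrators, and the PowerShell execution policy on the clients has to allow scripts from that path.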

Conclusion: This PowerShell port from my KIX script took me a full THREE days of research and testing to get it to work. The problem I found was that there weren’t a lot of resources available on PowerShell for login scripts. At the time of writing, PowerShell is only at version 2.0. If you also look at some of the code, it is essentially converted from a .VBS script and is not made up of PowerShell-specific commands anyway. I think that while PowerShell is very powerful in some areas, it’s still in its early stages when it comes to using it in a login script.

Your comments are welcome if you have any suggestions or any further improvements. I hope that this is a good stepping stone for those who want to look at using Powershell for their login scripts. However, if I have to choose, I would choose a KIX script instead.